FreeIPA

LXC containers provide an easy way to run applications on Proxmox with very little overhead compared to virtual machines. Unprivileged containers provide greater security compared to privileged containers. Usage of privileged containers is highly discouraged in the Proxmox documentation. However if you want to enroll LXC containers in a domain managed with FreeIPA, this will not work with unprivileged containers out of the box. Why Enrolling an Unprivileged Container is not Possible An unprivileged LXC container cannot be enrolled, due to the very high UID and GUID numbers used by FreeIPA....

Terraform is a widely used tool for Infrastructure as Code (IaC). It can be used to define and provision all kinds of resources, from VMs to databases and DNS records. In collaboration with Proxmox it can be used to create VMs and LXC containers. However one thing I struggled with for a long time was automatically enrolling a newly created VM in a FreeIPA domain. To do this three steps are needed....

Goal and Prerequisites FreeIPA is a popular application which can be used for centralized user and host management, DNS and even certificates. While multiple replicas of the FreeIPA server can provide failover, it is not truly highly-available unless the client switches over to the replica server. Therefore we will configure the web interface and the LDAP server to automatically failover and be available under the same address/hostname at all times....